test infra reply: drop UID 1000, run as root
Browse files- Dockerfile +8 -25
Dockerfile
CHANGED
|
@@ -1,31 +1,14 @@
|
|
| 1 |
-
#
|
| 2 |
-
#
|
|
|
|
|
|
|
|
|
|
|
|
|
| 3 |
FROM python:3.12-slim
|
| 4 |
|
| 5 |
-
|
| 6 |
-
RUN useradd -m -u 1000 user
|
| 7 |
|
| 8 |
-
|
| 9 |
-
USER user
|
| 10 |
-
|
| 11 |
-
# Set home to the user's home directory
|
| 12 |
-
ENV HOME=/home/user \
|
| 13 |
-
PATH=/home/user/.local/bin:$PATH
|
| 14 |
-
|
| 15 |
-
# Set the working directory to the user's home directory
|
| 16 |
-
WORKDIR $HOME/app
|
| 17 |
-
|
| 18 |
-
# Copy the current directory contents into the container at $HOME/app
|
| 19 |
-
# setting the owner to the user
|
| 20 |
-
COPY --chown=user . $HOME/app
|
| 21 |
-
|
| 22 |
-
# Try and chown /data so it's writable by the user. This is EXACTLY what
|
| 23 |
-
# the docs suggest for writable runtime directories. It will be overridden
|
| 24 |
-
# at runtime when the bucket mount lands on top — that's the bug we're
|
| 25 |
-
# demonstrating.
|
| 26 |
-
USER root
|
| 27 |
-
RUN mkdir -p /data && chown -R user:user /data && chmod -R 777 /data
|
| 28 |
-
USER user
|
| 29 |
|
| 30 |
EXPOSE 7860
|
| 31 |
CMD ["python", "-u", "app.py"]
|
|
|
|
| 1 |
+
# 2026-04-08 update: HF infra confirmed Docker Spaces no longer need to drop to
|
| 2 |
+
# UID 1000 — buckets are mounted to be writable by root, which is now the
|
| 3 |
+
# intended default for Docker SDK Spaces (policy not yet publicly documented).
|
| 4 |
+
# This Dockerfile is the "follow-up test": same probe code, same bucket, but
|
| 5 |
+
# we stay as root for the runtime. Expectation: all probes that failed under
|
| 6 |
+
# UID 1000 should now pass.
|
| 7 |
FROM python:3.12-slim
|
| 8 |
|
| 9 |
+
WORKDIR /app
|
|
|
|
| 10 |
|
| 11 |
+
COPY . /app
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 12 |
|
| 13 |
EXPOSE 7860
|
| 14 |
CMD ["python", "-u", "app.py"]
|